To fully secure devices, developers and administrators can combine multiple mechanisms. In addition to using the built-in security features of both the device and SAP Mobile Platform, SAP recommends that you also use Afaria so you can remotely initiate security features as required.
Application authentication is defined by the developer, managed by the administrator in Management Cockpit, and processed by the core CSI in SAP Mobile Platform Server.
- The client sends the application ID and user credentials (including user name and password, certificate, or token) to SAP Mobile Platform.
- SAP Mobile Platform uses the application ID to find the security profile that should authenticate the user credentials, and invokes the authentication providers in that profile to perform the authentication.
- When authentication succeeds, the user credentials or additional credentials derived during the authentication process are made available as SSO material towards the back-end systems.
- Use SAP SSO2 Token when connecting to an SAP back-end system
- User provides credentials for the SAP Mobile Platform Server authentication, which in turn provides a MYSAPSSO2 token.
- That same token can be used to connect to all back-end systems.
- Use X.509 certificate when connecting to an SAP back-end system
- A trusted certificate can be used with all back-end systems.
- Use basic authentication when connecting to any back-end system
- The SAP Mobile Platform Server authentication and all back-end systems should have same user name and password.
Developers define SAP Mobile Platform security features for devices, including data encryption, login screens, and data vaults for storing sensitive data. Developers use the Client Hub, integrated with Logon Manager, which simplifies user onboarding and configuration to enable easier and faster enterprise-wide deployments. The Client Hub reduces the effort required by the end user to manage multiple passwords for mobile applications and improves the user experience.